National Repository of Grey Literature: 16 records found, showing 1 - 10
Security Monitoring of Home IoT Networks
Krajč, Patrik ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The main purpose of my bachelor thesis is to create a system for security monitoring of home IoT networks and a user interface for network anomaly detection. The final application shows information about traffic in specified time intervals for a specific day and hour. Traffic information is obtained from IPFIX records stored in a MySQL database. The test sets of IPFIX records used were created from the communication of locally connected devices that used the CoAP protocol.
Security Monitoring of Applications in Azure
Doležal, Vojtěch ; Svojanovský, Petr (referee) ; Ondrák, Viktor (advisor)
This thesis combines two major topics of today's IT. Security and cloud computing are something that every company is dealing with today, and entire countries are aware of their importance. The thesis deals with the monitoring and security of services in Microsoft Azure secured exclusively by native services. The goal of the thesis is to find out whether native Azure security services can compensate for the shortcomings in the security of the applications themselves. If these services are not able to do that, it must be decided whether their usage is still beneficial. The theoretical part deals with cloud computing and information security. The analytical part describes Skoda Auto and the Microsoft Azure service, including the important services it offers. The design part documents the testing and the results obtained by it. The result of the work is the finding that the deployment of monitoring and security in the cloud does not solve the problem of insufficiently secure applications. However, it can contribute to security, not only to the security of the applications themselves, but also to the security of the entire cloud environment.
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. Also, the process of collecting event logs and their management is briefly described. An important means of security monitoring is the management of security information and events. Its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part. Machine learning techniques such as neural networks and deep learning are also mentioned. This section also focuses on cyber operations centres in terms of improving the efficiency of human ”manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis involves setting out a goal (text sequence classification) that could make the work considerably easier in terms of manually categorizing event logs according to their source. For this set task, security monitoring related data was collected from different log sources. In the practical part, the methods for processing this data are also described in detail. Subsequently, a suitable neural network model was selected and its technical description was performed. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
Log Analysis Using TeskaLab Platform
Kocinec, Patrik ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This work describes the usage of machine learning methods for processing logging information on LogMan.io system. The work includes a description of methods of processing logging information for the purposes of security monitoring, as well as machine learning methods and principles of data processing. Subsequently, the work focuses on the introduction of the LogMan.io system and its components. Then, an application for processing logging information is designed and implemented on LogMan.io system, which uses machine learning methods to detect malign domains. When implementing the application for model training, several methods were used focusing on the accuracy of detection. 
DNS firewall and its deployment and integration in cyber center
Doležal, Martin ; Kubánková, Anna (referee) ; Jeřábek, Jan (advisor)
This bachelor's thesis deals with the deployment, integration, and testing of a DNS firewall in a security operations center. It describes the connection of endpoints and remote local area networks to the DNS firewall located in the security operations center. Furthermore, the enforcement of the DNS firewall is described. The main goal of the thesis was to deploy and integrate a DNS firewall inside a security operations center. The first chapter describes the security operations center in general. The second chapter deals with the DNS system. The following chapter describes the security of the DNS system and the security of DNS requests, and introduces the reader to the term DNS firewall and to the RPZ and VPN technologies. The fourth chapter describes the DNS firewall deployment process and its integration in a real security operations center. The next chapter describes connection methods of endpoints and remote local area networks to the DNS firewall and its enforcement inside the security operations center. The last chapter deals with performance testing and the availability of the deployed DNS firewall. The outcome of the thesis is a deployed, integrated, fully functional, and tested DNS firewall in a real-world security operations center. The Bind software package along with the RPZ technology was used to implement and deploy the DNS firewall. For testing and the connection of endpoints, VPN technology and the RIPE Atlas network were used.
Industrial control system security design
Strnad, Matěj ; Keprt, Martin (referee) ; Sedlák, Petr (advisor)
The subject of the master's thesis is a design of security measures for securing an industrial control system. It includes an analysis of the characteristics of the communication environment and the specifics of industrial communication systems, a comparison of available technological means, and a design of a solution according to the investor's requirements.
Enhancing Security Monitoring with AI-Enabled Log Collection and NLP Modules on a Unified Open Source Platform
Safonov, Yehor ; Zernovic, Michal
The number of computer attacks continues to increase daily, posing significant challenges to modern security administrators to provide security in their organizations. With the rise of sophisticated cyber threats, it is becoming increasingly difficult to detect and prevent attacks using traditional security measures. As a result, security monitoring solutions such as Security Information and Event Management (SIEM) have become a critical component of modern security infrastructures. However, these solutions still face limitations, and administrators are constantly seeking ways to enhance their capabilities to effectively protect their cyber units. This paper explores how advanced deep learning techniques can help boost security monitoring capabilities by utilizing them throughout all stages of log processing. The presented platform has the potential to fundamentally transform and bring about a significant change in the field of security monitoring with advanced AI capabilities. The study includes a detailed comparison of modern log collection platforms, with the goal of determining the most effective approach. The key benefits of the proposed solution are its scalability and multipurpose nature. The platform integrates an open source solution and allows the organization to connect any event log sources or the entire SIEM solution, normalize and filter data, and use this data to train and deploy different AI models to perform different security monitoring tasks more efficiently.
Tool for mapping computer infrastructure assets and designing SIEM correlation rules for security monitoring
Hrabálek, Matěj ; Caha, Tomáš (referee) ; Safonov, Yehor (advisor)
With the growing popularity of the SOC service, which often uses SIEM tools, new challenges arise regarding the implementation of these tools into individual infrastructures that can face cyber attacks. SIEM tools can detect cyber attacks only if they are configured correctly, i.e. they collect the right logs. This bachelor's thesis facilitates the process of implementing SIEM into an internal infrastructure. It discusses the appropriate categorization of log sources and correlation rules and the naming of correlation rules, and proposes a system for mapping log sources to relevant correlation rules, which facilitates the implementation of SIEM into the infrastructure. All of this knowledge is then implemented in a web application, which is the practical output of this bachelor's thesis. The web application allows the user, who is going to implement a SIEM service into their own infrastructure, to enter data about the infrastructure, especially the log sources that can be generated in the infrastructure, and offers suitable correlation rules, including their naming, for the respective log sources. In addition to logs, SIEM technology and correlation rules, the theoretical part also covers general knowledge from cyber security and describes the Security Operations Center.
Web application for development and maintenance of SIEM system correlation rules
Bielik, Oliver ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Today's world of technology is developing rapidly and constantly. Just as quickly, new risks are forming that threaten this sphere. For this reason, technologies need to be monitored and hazards prevented from entering systems. One of the technologies that helps with this protection is a system called SIEM. This system serves as an investigative tool that allows security monitoring and investigations to be carried out. Security monitoring is carried out based on the correlation rules that are developed in security operations centers (SOC). Their task is to look for potential dangers and report them. The main goal of the presented bachelor thesis is to create a tool that allows developers in a SOC to easily develop correlation rules. The aim of the application is to simplify development and ensure a better overview of individual correlation rules. The theoretical part of the bachelor thesis focuses on the issue of security monitoring and explains it to the reader. It describes in more detail the functioning of the system and the work of SOC operators, whose job includes the development of correlation rules. The practical part of the bachelor thesis is aimed at facilitating the development of these rules. The last part of the bachelor thesis is a conclusion, which briefly describes to the reader the observed facts and the processing of the requirements for the bachelor thesis.